Identity and Access Management Engineer
About the position
AgWest Farm Credit is a member-owned financial cooperative that provides financing and related services to farmers, ranchers, agribusinesses, commercial fishermen, timber producers, rural homeowners and crop insurance customers in a seven-state territory in the Western United States. AgWest is part of the 100+ year-old Farm Credit System – the leading provider of credit to American agriculture.
AgWest champions the growth and advancement of agriculture, the value of rural communities, and the vital contribution our customers make to the economy and society. We serve customers in 59 locations throughout the West.
We are in search of an Identify and Access Engineer II or a Senior Identity Access Engineer III to join our Infrastructure and Operations department in Spokane, Washington, or Rocklin, California. This full-time position reports to the Senior Identity Access Management (IAM) Architect and is a practitioner role responsible for the configuration and implementation of IAM solutions. This role works closely with Security, Infrastructure, Human Resources, and Application teams to maintain robust identity lifecycle processes, authentication and authorization controls, and governance frameworks aligned with Zero Trust and least‑privilege principles. This role plays a critical part in advancing AgWest’s enterprise IAM maturity, enabling secure access, and supporting our cloud-forward strategy.
Responsibilities
• Administer and optimize directory services such as Ping One, Entra ID, Active Directory, LDAP, and related identity repositories.
• Maintain identity data integrity, attribute mappings, schema extensions, automated provisioning, and synchronization processes.
• Identify gaps in lifecycle processes and recommend enhancements or workflow automation opportunities.
• Implement and manage authentication methods.
• Support and configure SSO integrations using SAML, OAuth, OIDC, and SCIM for enterprise SaaS and on-prem applications.
• Configure Conditional Access, access packages, entitlement management, and Just-In-Time (JIT) controls
• Build and maintain identity automation using tools such as PowerShell, Graph API, REST APIs, or Logic Apps.
• Analyze and improve IAM workflows, reduce manual touchpoints, and increase operational reliability.
• Troubleshoot complex authentication, directory, and authorization issues across hybrid and cloud environments.
• Partner with application teams to onboard new systems to the IAM ecosystem.
• Provide Tier 3 support for IAM‑related incidents and escalations.
• Assist in IAM roadmap planning, tool evaluations, and proof‑of-concept initiatives.
• Perform all duties and maintain all standards in accordance with company policies, procedures, and internal controls.
• Other duties as assigned.
Requirements
• Generally, requires five to seven years’ experience in IAM engineering, security engineering, or related roles
• Proficiency with Entra ID / Azure AD, Active Directory, Conditional Access, authentication protocols, and SSO/SaaS integrations
• Strong scripting skills (PowerShell highly preferred)
• Understanding Zero Trust architecture, least privilege principles, and modern identity frameworks
• Hands-on experience with MFA, identity federation, and access governance
Nice-to-haves
• Experience with IAM tools such as SailPoint, Saviynt, Okta, Ping, CyberArk, or BeyondTrust
• Familiarity with automation/orchestration (Logic Apps, Azure Automation, Identity Governance workflows, etc.)
• Knowledge of cloud security (Azure, AWS, or GCP)
• Certifications such as Microsoft Certified: Identity & Access Administrator, SC‑300, CISSP, or similar
• Familiarity with identity governance, access reviews, and compliance frameworks (e.g., SOX, NIST)
Benefits
• Medical, dental, and vision insurance
• Basic term life and AD&D insurance (fully paid for by the company)
• Paid days off annually: 15 vacation, 15 sick, 12 holidays and 3 volunteer
• 401(k) plan (6% match plus 3% employer contribution)
• Employee Assistance Program
• Wellness Program
• Jeans are welcome at work every day at AgWest!
• Vacation accrual rates increase with tenure.
• Details about insurance and retirement benefits are available at: https://www.farmcreditfoundations.com/fcfbenefits
• After an initial in-office training period, this position is eligible for workplace flexibility and a one-time home office stipend.
Apply tot his job
Apply To this Job
AgWest Farm Credit is a member-owned financial cooperative that provides financing and related services to farmers, ranchers, agribusinesses, commercial fishermen, timber producers, rural homeowners and crop insurance customers in a seven-state territory in the Western United States. AgWest is part of the 100+ year-old Farm Credit System – the leading provider of credit to American agriculture.
AgWest champions the growth and advancement of agriculture, the value of rural communities, and the vital contribution our customers make to the economy and society. We serve customers in 59 locations throughout the West.
We are in search of an Identify and Access Engineer II or a Senior Identity Access Engineer III to join our Infrastructure and Operations department in Spokane, Washington, or Rocklin, California. This full-time position reports to the Senior Identity Access Management (IAM) Architect and is a practitioner role responsible for the configuration and implementation of IAM solutions. This role works closely with Security, Infrastructure, Human Resources, and Application teams to maintain robust identity lifecycle processes, authentication and authorization controls, and governance frameworks aligned with Zero Trust and least‑privilege principles. This role plays a critical part in advancing AgWest’s enterprise IAM maturity, enabling secure access, and supporting our cloud-forward strategy.
Responsibilities
• Administer and optimize directory services such as Ping One, Entra ID, Active Directory, LDAP, and related identity repositories.
• Maintain identity data integrity, attribute mappings, schema extensions, automated provisioning, and synchronization processes.
• Identify gaps in lifecycle processes and recommend enhancements or workflow automation opportunities.
• Implement and manage authentication methods.
• Support and configure SSO integrations using SAML, OAuth, OIDC, and SCIM for enterprise SaaS and on-prem applications.
• Configure Conditional Access, access packages, entitlement management, and Just-In-Time (JIT) controls
• Build and maintain identity automation using tools such as PowerShell, Graph API, REST APIs, or Logic Apps.
• Analyze and improve IAM workflows, reduce manual touchpoints, and increase operational reliability.
• Troubleshoot complex authentication, directory, and authorization issues across hybrid and cloud environments.
• Partner with application teams to onboard new systems to the IAM ecosystem.
• Provide Tier 3 support for IAM‑related incidents and escalations.
• Assist in IAM roadmap planning, tool evaluations, and proof‑of-concept initiatives.
• Perform all duties and maintain all standards in accordance with company policies, procedures, and internal controls.
• Other duties as assigned.
Requirements
• Generally, requires five to seven years’ experience in IAM engineering, security engineering, or related roles
• Proficiency with Entra ID / Azure AD, Active Directory, Conditional Access, authentication protocols, and SSO/SaaS integrations
• Strong scripting skills (PowerShell highly preferred)
• Understanding Zero Trust architecture, least privilege principles, and modern identity frameworks
• Hands-on experience with MFA, identity federation, and access governance
Nice-to-haves
• Experience with IAM tools such as SailPoint, Saviynt, Okta, Ping, CyberArk, or BeyondTrust
• Familiarity with automation/orchestration (Logic Apps, Azure Automation, Identity Governance workflows, etc.)
• Knowledge of cloud security (Azure, AWS, or GCP)
• Certifications such as Microsoft Certified: Identity & Access Administrator, SC‑300, CISSP, or similar
• Familiarity with identity governance, access reviews, and compliance frameworks (e.g., SOX, NIST)
Benefits
• Medical, dental, and vision insurance
• Basic term life and AD&D insurance (fully paid for by the company)
• Paid days off annually: 15 vacation, 15 sick, 12 holidays and 3 volunteer
• 401(k) plan (6% match plus 3% employer contribution)
• Employee Assistance Program
• Wellness Program
• Jeans are welcome at work every day at AgWest!
• Vacation accrual rates increase with tenure.
• Details about insurance and retirement benefits are available at: https://www.farmcreditfoundations.com/fcfbenefits
• After an initial in-office training period, this position is eligible for workplace flexibility and a one-time home office stipend.
Apply tot his job
Apply To this Job